More than 1,000 people complained about the Bedfordshire-based company, which made unsolicited calls relating to road accident and insurance policy compensation.

The same fine was levied against telecoms firm TalkTalk after its huge data breach in October 2015.

But David Higgins, founder of Norfolk-based digital security company 4ITSec, says that figure could have been more than 30 times higher under new data protection legislation.

General Data Protection Regulation (GDPR), due to come into effect in May 2018 to replace the Data Protection Act, will give the ICO the power to hand down fines of up to 20m Euros (£16.8m), compared to the current £500,000 maximum.

Mr Higgins said: “The new GDPR laws are aimed at protecting ‘personally identifiable information’ in a much more rigorous manner – especially over the ‘right of consent’ which must be explicitly given by the individual to have their data held for specific purposes.”

He added that the ICO is expected to enforce the new GDPR in a “thorough manner”.

Keurboom has since been placed in liquidation, which the ICO says will make recovering the fine more difficult.

But Mr Higgins claimed liquidation was a “typical ploy” by firms caught by the ICO under current privacy and electronic communications regulations to avoid paying fines.

As the introduction of the General Data Protection Regulation (GDPR) approaches, Bethany Whymark speaks to East Anglian experts about the facts – and myths – around the biggest data protection shake-up in two decades.